Operators of commercial vehicles, such as aircraft, trains and ships, have an increasing interest in leveraging broadband IP-based datalinks to communicate operations information between the vehicles and central information management systems. This is in part because routing data through broadband IP-based datalinks tend to provide for higher bandwidth and is more cost-effective as compared to traditional datalinks routed through Datalink Service Providers (DSPs). A problem that comes with broadband IP-based datalinks, however, is that communications between the vehicles and the data systems used by the vehicles' operator become susceptible to malicious interference from other traffic sharing the public Internet network. For example, messages that spoof the operator's systems may be received by the vehicle from other users of the network, or even from passengers on the vehicle who are utilizing offered IP communications and entertainment services. In many instances, it is paramount that the on-vehicle communications functions are able to identify authentic uplink messages in order to ensure the safe and efficient operation of the vehicle.
One approach known in the art is to distribute certificates so that on-vehicle communications functions can authenticate that the uplink messages they receive are from the operator's data service systems, and so that the on-vehicle communications functions can authenticate the downlink messages they send to the data service systems. Certificates would permit the on-vehicle communications functions to sign and authenticate the messages it sends and review the certificates of messages it receives to determine their authenticity. However, one problem that exist with this certificate approach is the ongoing need to renew certificates stored on-board the vehicle when they expire. Another is the need to reload a valid certificate when equipment is replaced during maintenance. For example in the case of a commercial aircraft, the aircraft operator may need to quickly pull out an avionics device and replace that unit between flights. New and valid certificates would need to be loaded onto the avionics device to enable to sign downlink messages and authenticate uplink message. A certificate system would therefore increase the time necessary to perform that replacement, which can delay departure schedules. Symmetric key schemes, which do not rely on certificates, and traditional certificate-based asymmetric key schemes are known, but these systems as they exist today also present problems. Specifically, they both force on the on-vehicle communications function to protect either the symmetric key, or the private key of a public/private asymmetric key pair, from disclosure to maintain communications integrity. Providing such protection can increase the cost and complexity of the on-board equipment.
For the reasons stated above and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the specification, there is a need in the art for systems and methods for a secure subscription-based vehicle data service.